Modified Cryptosystem-Based Authentication Protocol for Internet of Things in Fog Networks

IF 1.5, Zone 4 Computer Science, Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING
S. Kanthimathi, R. Sivakami, B. Indira

Journal: Concurrency and Computation-Practice & Experience, vol. 37 (4-5)
Publication date: 2025-02-19
DOI: 10.1002/cpe.70024
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.70024

Abstract

The advanced architecture called fog-driven IoT, positioned between the centralized cloud platform and IoT devices, aims to expand storage, computing, and network capabilities to the Internet edges. This setup ensures that services and resources from fog nodes are easily accessible and in proximity to the end-users and devices, reduces latency, enhances mobility, and provides location awareness. However, despite its benefits, the fog computing paradigm inherits security and privacy issues like those found in cloud computing. These concerns encompass challenges like message replay, impersonation, spoofing, man-in-the-middle attacks, and physical capture of IoT devices, posing potential risks to the system's security and privacy. In order to address these challenges, a new authentication protocol is proposed in this study, which encompasses five key phases: “node registration, fog server registration, node authentication, fog server authentication, and fail-safe authentication.” It begins with nodes registering on fog servers (FSs), establishing a foundation for trust and identity verification. The protocol then scales to authenticate the fog network, which consists of multiple FSs, each of which undergoes authentication within the cloud server, to ensure robustness and reliability across distributed servers. A significant innovation lies in the third phase, where mutual authentication is achieved using the Modified Blowfish (MBF) algorithm, promoting secure communication between FSs and nodes while ensuring stronger encryption and better protection against attacks. The fourth phase extends authentication mechanisms to the FS: intra-fog authentication is done by the IKM scheme and inter-fog authentication is done by the IECC mechanism, to manage cryptographic keys effectively within fog nodes and also enhance security in communication between different fog nodes. Additionally, a fail-safe authentication phase provides emergency response capabilities against potential attacks, bolstering the protocol's resilience. The proposed method's performance is validated against other well-known techniques to prove the supremacy of the method. At 75% data variation, the IECC scheme attained a better KCA attack value of 0.152, which surpasses the result of ECC, RSA, Blowfish, Fernet, ElGamal, NTRU, and CP-ABE. This potentially underscores the model's effectiveness in protecting data against known cryptographic vulnerabilities in contrast to other traditional techniques.

Source journal
Concurrency and Computation-Practice & Experience (Engineering and Technology - Computer Science: Theory and Methods)
CiteScore: 5.00
Self-citation rate: 10.00%
Articles published: 664
Review time: 9.6 months
Journal introduction: Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.